From ed540046f575abb2d281391ace12cd261a80cd37 Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Tue, 2 Mar 2021 13:52:48 +0100 Subject: [PATCH] scripts/bootstrap: Apply Flatcar modifications - install curl before baselayout Now that Github rejects access to an unauthenticated URL with `git://`, we have to make git and libcurl work with `https://`. However, during the SDK stage2, curl is not explicitly installed, but just inherited from the stage1. As a result, curl is built without the `ssl` USE flag. So installation of baselayout fails with: ``` git fetch https://github.com/flatcar-linux/baselayout.git --prune +HEAD:refs/git-r3/HEAD fatal: unable to access 'https://github.com/flatcar-linux/baselayout.git/': Protocol "https" not supported or disabled in libcurl ``` To resolve the issue, we need to install curl with `BOOTSTRAP_USE=ssl` before trying to install baselayout. - update openssl before stage3 Right now our bootstrap flow is different then gentoo's - we don't update the seed when building stage1 and use a different ebuilds snapshot for stage1 compared to stage2 and stage3. This is causing us trouble now, because we introduced openssl-3, but seed/stage1 still contains openssl-1.1. During `emerge -e @system` in stage3, some packages that depend on openssl may build against the stage1 version, which results in an error during depcleaning (they would need to be rebuilt instead). Stage3 is not extensible, so instead, explicitly update openssl in stage2. This workaround can be removed as soon as we release a seed with openssl-3. Co-authored-by: Dongsu Park Co-authored-by: Jeremi Piotrowski Co-authored-by: Krzesimir Nowak --- .../third_party/portage-stable/scripts/bootstrap.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/portage-stable/scripts/bootstrap.sh b/sdk_container/src/third_party/portage-stable/scripts/bootstrap.sh index 1e99807569..9d312edb24 100755 --- a/sdk_container/src/third_party/portage-stable/scripts/bootstrap.sh +++ b/sdk_container/src/third_party/portage-stable/scripts/bootstrap.sh @@ -277,6 +277,10 @@ for atom in portage.settings.packages: [[ -z ${myTEXINFO} ]] && myTEXINFO="sys-apps/texinfo" [[ -z ${myZLIB} ]] && myZLIB="sys-libs/zlib" [[ -z ${myNCURSES} ]] && myNCURSES="sys-libs/ncurses" +# Flatcar: install curl with BOOTSTRAP_USE=ssl to fetch from https URLs +[[ -z ${myCURL} ]] && myCURL="net-misc/curl" +# Flatcar: upgrade to openssl-3 before system rebuild in stage3 +[[ -z ${myOPENSSL} ]] && myOPENSSL="dev-libs/openssl" # Do we really want gettext/nls? [[ ${USE_NLS} != 1 ]] && myGETTEXT= @@ -298,6 +302,10 @@ einfo "Using libc : ${myLIBC}" einfo "Using texinfo : ${myTEXINFO}" einfo "Using zlib : ${myZLIB}" einfo "Using ncurses : ${myNCURSES}" +# Flatcar: install curl with BOOTSTRAP_USE=ssl to fetch from https URLs +einfo "Using curl : ${myCURL}" +# Flatcar: upgrade to openssl-3 before system rebuild in stage3 +einfo "Using openssl : ${myOPENSSL}" echo ------------------------------------------------------------------------------- show_status 1 Configuring environment echo ------------------------------------------------------------------------------- @@ -332,9 +340,12 @@ if [ ${BOOTSTRAP_STAGE} -le 2 ] ; then STRAP_EMERGE_OPTS="${STRAP_EMERGE_OPTS} --resume" cp /var/run/bootstrap-mtimedb /var/cache/edb else + # Flatcar: install curl with BOOTSTRAP_USE=ssl to fetch from https URLs STRAP_EMERGE_POSARGS="\ ${myOS_HEADERS} ${myTEXINFO} ${myGETTEXT} ${myBINUTILS} \ - ${myGCC} ${myLIBC} ${myBASELAYOUT} ${myZLIB}" + ${myGCC} ${myLIBC} ${myCURL} ${myBASELAYOUT} ${myZLIB}" + # Flatcar: upgrade to openssl-3 before system rebuild in stage3 + STRAP_EMERGE_POSARGS="${STRAP_EMERGE_POSARGS} ${myOPENSSL}" fi ${V_ECHO} emerge ${STRAP_EMERGE_OPTS} ${STRAP_EMERGE_POSARGS} || cleanup 1 echo -------------------------------------------------------------------------------